3 matches found
CVE-2021-38322
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1...
CVE-2021-38322 Twitter Friends Widget <= 3.1 Reflected Cross-Site Scripting
The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmcTFuser and pmcTFpassword parameter found in the /twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1...
CVE-2021-38322
The CVE concerns the Twitter Friends Widget WordPress plugin (versions up to 3.1) and is a Reflected Cross-Site Scripting (XSS) vulnerability triggered via the pmc_TF_user and pmc_TF_password parameters in ~/twitter-friends-widget.php. Affected component: WordPress plugin code handling these inpu...